CVE-2007-0169

Description

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.

Related CPE's

Could not find any relations

References

http://www.zerodayinitiative.com/advisories/ZDI-07-003.html

Exploit

http://www.zerodayinitiative.com/advisories/ZDI-07-004.html

Exploit

http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp

Patch

20070111 Computer Associates BrightStor ARCserve Backup RPC Engine PFC Request Buffer Overflow Vulnerability

VU#180336

US Government Resource

23648

Vendor Advisory

VU#151032

US Government Resource

22005

22006

1017506

20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities

31327

ADV-2007-0154

Vendor Advisory

brightstor-messageengine-rpc-bo(31443)

brightstor-tapeengine-rpc-bo(31433)

20070111 ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability

20070111 ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:N/C:P/I:P/A:P
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	PARTIAL
IntegrityImpact	PARTIAL
AvailabilityImpact	PARTIAL
BaseScore	7.5

Created by Yello

About Severity.io